<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Sanitize filters</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="filter.filters.validate.html">Validate filters</a></div> <div class="next" style="text-align: right; float: right;"><a href="filter.filters.misc.html">Other filters</a></div> <div class="up"><a href="filter.filters.html">Types of filters</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="filter.filters.sanitize" class="section"> <h2 class="title">Sanitize filters</h2> <p class="para"> <table class="doctable table"> <caption><strong>List of filters for sanitization</strong></caption> <thead> <tr> <th>ID</th> <th>Name</th> <th>Options</th> <th>Flags</th> <th>Description</th> </tr> </thead> <tbody class="tbody"> <tr> <td><strong><code>FILTER_SANITIZE_EMAIL</code></strong></td> <td>"email"</td> <td class="empty"> </td> <td class="empty"> </td> <td> Remove all characters except letters, digits and <em>!#$%&amp;'*+-/=?^_`{|}~@.[]</em>.
</td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_ENCODED</code></strong></td> <td>"encoded"</td> <td class="empty"> </td> <td> <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>, <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>, <strong><code>FILTER_FLAG_ENCODE_LOW</code></strong>, <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong> </td> <td>URL-encode string, optionally strip or encode special characters.</td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_MAGIC_QUOTES</code></strong></td> <td>"magic_quotes"</td> <td class="empty"> </td> <td class="empty"> </td> <td>Apply <span class="function"><a href="function.addslashes.html" class="function">addslashes()</a></span>.</td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_NUMBER_FLOAT</code></strong></td> <td>"number_float"</td> <td class="empty"> </td> <td> <strong><code>FILTER_FLAG_ALLOW_FRACTION</code></strong>, <strong><code>FILTER_FLAG_ALLOW_THOUSAND</code></strong>, <strong><code>FILTER_FLAG_ALLOW_SCIENTIFIC</code></strong> </td> <td> Remove all characters except digits, <em>+-</em> and optionally <em>.,eE</em>. </td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_NUMBER_INT</code></strong></td> <td>"number_int"</td> <td class="empty"> </td> <td class="empty"> </td> <td> Remove all characters except digits, plus and minus sign. </td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_SPECIAL_CHARS</code></strong></td> <td>"special_chars"</td> <td class="empty"> </td> <td> <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>, <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>, <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong> </td> <td> HTML-escape <em>'"&lt;&gt;&amp;</em> and characters with ASCII value less than 32, optionally strip or encode other special characters.
</td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_FULL_SPECIAL_CHARS</code></strong></td> <td>"full_special_chars"</td> <td class="empty"> </td> <td> <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong> </td> <td> Equivalent to calling <span class="function"><a href="function.htmlspecialchars.html" class="function">htmlspecialchars()</a></span> with <strong><code>ENT_QUOTES</code></strong> set. Encoding quotes can be disabled by setting <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong>. Like <span class="function"><a href="function.htmlspecialchars.html" class="function">htmlspecialchars()</a></span>, this filter is aware of the <a href="ini.core.html#ini.default-charset" class="link">default_charset</a>: if a sequence of bytes that makes up an invalid character in the current character set is detected, the entire string is rejected, resulting in a 0-length string. When using this filter as a default filter, see the warning below about setting the default flags to 0. </td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_STRING</code></strong></td> <td>"string"</td> <td class="empty"> </td> <td> <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong>, <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>, <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>, <strong><code>FILTER_FLAG_ENCODE_LOW</code></strong>, <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong>, <strong><code>FILTER_FLAG_ENCODE_AMP</code></strong> </td> <td>Strip tags, optionally strip or encode special characters.</td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_STRIPPED</code></strong></td> <td>"stripped"</td> <td class="empty"> </td> <td class="empty"> </td> <td>Alias of "string" filter.</td> </tr> <tr> <td><strong><code>FILTER_SANITIZE_URL</code></strong></td> <td>"url"</td> <td class="empty"> </td> <td class="empty"> </td> <td> Remove all characters except letters, digits and <em>$-_.+!*'(),{}|\\^~[]`&lt;&gt;#%";/?:@&amp;=</em>.
</td> </tr> <tr> <td><strong><code>FILTER_UNSAFE_RAW</code></strong></td> <td>"unsafe_raw"</td> <td class="empty"> </td> <td> <strong><code>FILTER_FLAG_STRIP_LOW</code></strong>, <strong><code>FILTER_FLAG_STRIP_HIGH</code></strong>, <strong><code>FILTER_FLAG_ENCODE_LOW</code></strong>, <strong><code>FILTER_FLAG_ENCODE_HIGH</code></strong>, <strong><code>FILTER_FLAG_ENCODE_AMP</code></strong> </td> <td>Do nothing, optionally strip or encode special characters.</td> </tr> </tbody> </table> </p> <div class="warning"><strong class="warning">Warning</strong> <p class="para"> When using one of these filters as a default filter, either through your ini file or through your web server's configuration, the default flags are set to <strong><code>FILTER_FLAG_NO_ENCODE_QUOTES</code></strong>. You need to explicitly set filter.default_flags to 0 to have quotes encoded by default. Like this: <div class="example" id="example-5084"> <p><strong>Example #1 Configuring the default filter to act like htmlspecialchars</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> filter.default = full_special_chars<br />filter.default_flags = 0</span> </code></div> </div> </div> </p> </div> </div></body></html>
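The effect described in the warning above, shown as an added example that is not part of the PHP manual: it runs FILTER_SANITIZE_FULL_SPECIAL_CHARS with flags 0 and with FILTER_FLAG_NO_ENCODE_QUOTES, then reports whether the running configuration leaves quotes unencoded. The sample string and the helper has_raw_quotes() are constructed for illustration.

```php
<?php
// Added example, not PHP manual code. $input is constructed sample data
// standing in for a request parameter.
$input = 'Tom "T" O\'Neil <b> & co';

// Flag sets to compare. FILTER_FLAG_NO_ENCODE_QUOTES is what a default filter
// gets when filter.default_flags is not set explicitly (see the warning).
$cases = [
    'flags = 0'                    => 0,
    'FILTER_FLAG_NO_ENCODE_QUOTES' => FILTER_FLAG_NO_ENCODE_QUOTES,
];

// Hypothetical helper: true when a literal ' or " survives sanitization.
// Such output can close a quoted HTML attribute value, so it is only
// suitable for element content, not for attribute values.
function has_raw_quotes(string $s): bool
{
    return strpbrk($s, "\"'") !== false;
}

foreach ($cases as $label => $flags) {
    $out = filter_var($input, FILTER_SANITIZE_FULL_SPECIAL_CHARS, $flags);
    printf(
        "%-30s raw quotes: %-3s  %s\n",
        $label,
        has_raw_quotes($out) ? 'yes' : 'no',
        $out
    );
}

// Report the running configuration the warning is about. An unset
// filter.default_flags is treated as "not explicitly set to 0".
$default      = ini_get('filter.default');
$defaultFlags = ini_get('filter.default_flags');
$flagsUnset   = ($defaultFlags === false || $defaultFlags === '');

printf(
    "filter.default=%s filter.default_flags=%s\n",
    var_export($default, true),
    $flagsUnset ? '(unset)' : $defaultFlags
);

if ($default === 'full_special_chars' && $flagsUnset) {
    echo "Default filter leaves quotes unencoded; set filter.default_flags = 0.\n";
}
```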